Understanding SELinux or Security Enhanced Linux

SELinux refers to the security policy or security module that is integrated into the Linux kernel 2.6.*. SELinux offers US Department of Defence style mandatory access control and is much more secure than PAM. It was introduced by Red Hat with version 4 and is generally available with Red Hat based distributions. It later became available with certain Debian and Ubuntu distros too.

Security Enhanced Linux defines the access rights of every user, application, process and file present in the system. It then monitors any activity that requires access to certain files or directories, whether the request comes from a user or from an application. The request is sent to the security server in the kernel, which checks the security context of the request source and of the requested data. If the contexts are compatible, the permission is granted. If it is denied, a message containing avc: denied is written to /var/log/messages. On modern systems, however, a graphical notification pops up displaying a detailed report of all the players in the process along with the commands to deal with the permissions.

SELinux works in three operating modes:

1. Enforcing: Security Enhanced Linux policies are enforced, i.e. access is strictly denied as soon as the contexts mismatch, without the consent of the user.

2. Permissive: Security Enhanced Linux issues warning messages but the policy is not enforced. Here, the user makes the decision to grant/deny the permission.
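
As an added example (not part of the original article), the Python code below parses avc: denied records like the ones described above and extracts the source and target security contexts that the kernel compared, plus whether the denial was enforced. The log lines are constructed samples, the function names are hypothetical, and the permissive= field is only written by newer kernels.

```python
import re

# Constructed sample lines in the kernel's AVC denial format (not from a real host).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=921135 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Nov 14 22:13:21 host1 systemd[1]: Started Session 4 of user admin.
type=AVC msg=audit(1700000003.007:415): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000009.550:420): avc:  denied  { read write } for  pid=2230 comm="smbd" name="data" dev="dm-0" ino=77 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(ctx):
    """Split user:role:type[:level]; the level (MLS range) may itself contain ':'."""
    parts = ctx.split(':', 3) + [None] * 4  # pad so short contexts do not raise
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    # Returns None for lines that are not complete AVC denial records.
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated or malformed record
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'source': parse_context(fields['scontext']),   # who asked
        'target': parse_context(fields['tcontext']),   # what was requested
        'tclass': fields['tclass'],
        # Older kernels omit permissive=; None means "not recorded".
        'permissive': {'0': False, '1': True}.get(fields.get('permissive')),
    }

def denials(log_text):
    return [d for d in map(parse_avc, log_text.splitlines()) if d]

def summarize(d):
    state = {True: 'logged only', False: 'blocked', None: 'mode not recorded'}[d['permissive']]
    return '%s: %s -> %s (%s) {%s} %s' % (d['comm'], d['source']['type'], d['target']['type'], d['tclass'], ' '.join(d['perms']), state)

if __name__ == '__main__':
    for d in denials(SAMPLE_LOG):
        print(summarize(d))
```

The type field of each context (httpd_t, user_home_t and so on) is usually the part that explains a mismatch, so it is what the summary prints.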

Enabling SELinux

We need to make an entry in the primary configuration file for SELinux. The entry can be made in either the “/etc/sysconfig/selinux” or the “/etc/selinux/config” file, by setting SELINUX=enforcing. Open the terminal and type the following:

The following image shows the config file; here, the change is made on line no. 7.

[Image: SELinux disabled]

A similar approach can be applied to activate permissive mode too.

Security Enhanced Linux provides a variety of features, including individual policy assignment and an advanced secure environment. Stay tuned for our comparison of SELinux, PAM and AppArmor.